take-ownership

Warn

Audited by Snyk on Jun 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Skill runtime LLM context is driven by the GitHub issue body/comments and linked specs read via gh issue view / gh api in Phase 1–2; those are outsider-authored free text (other users’ issue content) that can be injected into the agent’s prompt.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). Skill explicitly instructs running privileged operations that modify system state (scp/rsync/remote cat >, chown, sudo -u, service restart, journalctl, etc.) and to perform deploy-file writes and permission changes—actions that require or escalate sudo and can compromise the host.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 27, 2026, 08:39 PM
Issues
2
Security Audit — snyk — take-ownership